Category FILE
Started On 2016-06-16 11:07:56
Completed On 2016-06-16 11:18:15
Duration 619 seconds
Cuckoo Version 1.2

Machine WindowsXPSP3
Label WindowsXPSP3
Manager VirtualBox
Started On 2016-06-16 11:07:56
Shutdown On 2016-06-16 11:18:13

File Details

File name drozen3_malware1.exe
File size 94720 bytes
File type PE32 executable (console) Intel 80386, for MS Windows
CRC32 D0E3C5E0
MD5 45fcebf359a772400634e56499aa90b0
SHA1 f04fe8cd5ba5ca9c37c3933949fe42181c7f02a0
SHA256 6148b10f71810029b6d9101dd854f4870984f33ea1a3d35c7fc78d2ff8867941
SHA512 c70f89e3d579ce1b317f5a3b042edbb15e966165bd0c7cd228e5b057c3afec7bc6245c2d2f906e248d97b62838ded38a913f2b43d8bfe66f7c4b02f6b6b01183
Ssdeep 1536:heOmsWjcdWCOgbfHFUlavsin0FrDba4t4SYyrrG7cUOax0:heOJWvg7HClavsi0FTaOz8cU1x0
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2016-06-10 10:01:55
Detection Rate: 23/56

Signatures

No signatures matched

Static Analysis

Sections

Imports

Strings

Dropped Files

drozen3_malware1.exe

Network Analysis

Hosts Involved

Behavior Summary

Files
  • C:\DOCUME~1\cuckoo\LOCALS~1\Temp\drozen3_malware1.exe
Mutexes
  • eclipseddos
Registry Keys
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_CURRENT_USER\Software\Resilience Software
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
  • HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName
  • ActiveComputerName

Processes

drozen3_malware1.exe PID: 2000, Parent PID: 1908

iexplore.exe PID: 1036, Parent PID: 2000

iexplore.exe PID: 512, Parent PID: 1036

Volatility

Nothing to display.